I've been trying to enable PowerShell logging in Windows 7, without success.
I got a computer that has the following features:
- .NET 4.6
- WMF 5.0
- PowerShell 5.0
I came to the realisation that I needed PowerShell logging after reading this article by FireEye:
The article guided me through the step of enabling PowerShell logging:
- uninstall WMF 5.0
- install WMF 4.0
- install WMF 5.0
After installing WMF 4.0, a Windows PowerShell option added at my GPO setting, as mentioned in the article, but only contained "Turn on Module Logging", "Turn on Script Execution" and "Set the default source path for Update-Help".
I thought that the other settings ("Turn on PowerShell Script Block Logging" and "Turn on PowerShell Transcription") , which interested me the most, will be added after i'll install WMF 5.0 again.
After installing WMF 5.0 - the option in the GPO disappeared!
Not only that the wanted options has not been added - the whole container disappeared - including the first 3 options.
Although the Module logging option, which I enabled after the WMF 4.0 installation, disappeared, there was still Module Logging events created in the event viewer. meaning, the feature is still enabled, but i can't see or change it.
I tried the same on a different, virtual machine, but ended up have to deal with installation problems with WMF 5.0.
I also tried adding the registry keys and values on both of the machines - but without success.
I got a couple of questions:
- Is there a way to enable PowerShell logging as a standalone service (without uninstalling WMF 5)?
- Why are those options disappearing when installing WMF 5?